/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the kms-2014-11-01.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.KeyManagementService.Model { ///

/// Container for the parameters to the GetPublicKey operation. /// Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric /// KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey /// permission can download the public key of an asymmetric KMS key. You can share the /// public key to allow others to encrypt messages and verify signatures outside of KMS. /// For information about asymmetric KMS keys, see Asymmetric /// KMS keys in the Key Management Service Developer Guide. /// /// /// /// You do not need to download the public key. Instead, you can use the public key within /// KMS by calling the Encrypt, ReEncrypt, or Verify operations with /// the identifier of an asymmetric KMS key. When you use the public key within KMS, you /// benefit from the authentication, authorization, and logging that are part of every /// KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. /// These features are not effective outside of KMS. /// /// /// /// To help you use the public key safely outside of KMS, GetPublicKey returns /// important information about the public key in the response, including: /// ///

/// /// KeySpec: /// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521. /// ///
/// /// KeyUsage: /// Whether the key is used for encryption or signing. /// ///
/// /// EncryptionAlgorithms /// or SigningAlgorithms: /// A list of the encryption algorithms or the signing algorithms for the key. /// ///

/// /// Although KMS cannot enforce these restrictions on external operations, it is crucial /// that you use this information to prevent the public key from being used improperly. /// For example, you can prevent a public signing key from being used encrypt data, or /// prevent a public key from being used with an encryption algorithm that is not supported /// by KMS. You can also avoid errors, such as using the wrong signing algorithm in a /// verification operation. /// /// /// /// To verify a signature outside of KMS with an SM2 public key (China Regions only), /// you must specify the distinguishing ID. By default, KMS uses 1234567812345678 /// as the distinguishing ID. For more information, see Offline /// verification with SM2 key pairs. /// /// /// /// The KMS key that you use for this operation must be in a compatible key state. For /// details, see Key /// states of KMS keys in the Key Management Service Developer Guide. /// /// /// /// Cross-account use: Yes. To perform this operation with a KMS key in a different /// Amazon Web Services account, specify the key ARN or alias ARN in the value of the /// KeyId parameter. /// /// /// /// Required permissions: kms:GetPublicKey /// (key policy) /// /// /// /// Related operations: CreateKey /// ///

public partial class GetPublicKeyRequest : AmazonKeyManagementServiceRequest { private List _grantTokens = new List(); private string _keyId; ///

/// Gets and sets the property GrantTokens. /// /// A list of grant tokens. /// /// /// /// Use a grant token when your permission to call this operation comes from a new grant /// that has not yet achieved eventual consistency. For more information, see Grant /// token and Using /// a grant token in the Key Management Service Developer Guide. /// ///

[AWSProperty(Min=0, Max=10)] public List GrantTokens { get { return this._grantTokens; } set { this._grantTokens = value; } } // Check to see if GrantTokens property is set internal bool IsSetGrantTokens() { return this._grantTokens != null && this._grantTokens.Count > 0; } ///

/// Gets and sets the property KeyId. /// /// Identifies the asymmetric KMS key that includes the public key. /// /// /// /// To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using /// an alias name, prefix it with "alias/". To specify a KMS key in a different /// Amazon Web Services account, you must use the key ARN or alias ARN. /// /// /// /// For example: /// ///

/// /// Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab /// ///
/// /// Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab /// /// ///
/// /// Alias name: alias/ExampleAlias /// ///
/// /// Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias /// ///

/// /// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. /// To get the alias name and alias ARN, use ListAliases. /// ///

[AWSProperty(Required=true, Min=1, Max=2048)] public string KeyId { get { return this._keyId; } set { this._keyId = value; } } // Check to see if KeyId property is set internal bool IsSetKeyId() { return this._keyId != null; } } }